Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 27 replies
  • Subscribers 2 subscribers
  • Views 79306 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issues with IPSec site-to-site to ASG behind/ in front of NAT

coewar
There is a problem with the AMI. When creating an IPsec site-to-site VPN connection, it's assuming to use the Internal NIC's private IP which is wrong. And hence the opposite router has errors like this:

 we require peer to have ID 'xx.xx.xx.xx', but
peer declares '10.243.45.92'

where 'xx.xx.xx.xx' is the public IP of the Astaro.

I have tested also by creating 2 Astaro EC2 instances and they can't VPN to each other.

So then I also tried adding my own IP alias to the Internal NIC, and I can't! It complains saying that it's write-protected.

I assume these things will be fixed?


This thread was automatically locked due to age.
Parents
  • 0
    SO WHAT ABOUT THIS QUESTION!!??

    Why when I configured the same VPN in a Cisco router, did the Cisco router automatically figure out the IP address and just work? Why the heck does Linux pluto system require me to put in the private IP of the final VPN router?
Reply
  • 0
    SO WHAT ABOUT THIS QUESTION!!??

    Why when I configured the same VPN in a Cisco router, did the Cisco router automatically figure out the IP address and just work? Why the heck does Linux pluto system require me to put in the private IP of the final VPN router?
Children
No Data
Unfiltered HTML